[ntp:questions] NTP Mode 6 queries in 4.2.8p10
PBellino at advaoptical.com
Mon Aug 12 10:27:32 UTC 2019
I am running ntp-4.2.8p10.
I have a user who is complaining that we are responding to mode 6 requests as follows:
[www at eng ~]$ ntpq -c rv 192.xx.xx.xx
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.8p10 at 1.3728<mailto:4.2.8p10 at 1.3728> Thu Jul 12 18:15:43 UTC 2018 (1)",
processor="ppc", system="Linux/2.6.22", leap=00, stratum=4,
precision=-12, rootdelay=43.665, rootdisp=89.247, refid=192.168.56.185,
reftime=e0f2824f.423d1b2d Mon, Aug 5 2019 6:24:15.258,
clock=e0f289e9.82f3c482 Mon, Aug 5 2019 6:56:41.511, peer=32846,
tc=10, mintc=3, offset=-2.945153, frequency=6.130, sys_jitter=0.000000,
[www at eng ~]$
I see that NTP Bug 3118 for CVE-2016-9310 was addressed in 4.2.8p9.
Forgive me for my lack of knowledge in this area, but does the above command and output still show the vulnerability?
If so, is the fix (as NTP Bug 3118 explains) to add "restrict default noquery" to the ntp.conf file?
If this is the fix, then all queries are shutoff, correct?
Thanks for any assistance you can provide.
More information about the questions